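# Client for a local hash-length-extension exercise, built on pwntools and
# hashpumpy.  It reads a 32-character digest and a 12-character known message
# from the first banner line, extends the message with hashpumpy, and sends
# the resulting digest and message back to the service.
#
# NOTE(review): using hashpump implies the service authenticates data as
# md5(secret || data) -- confirm against the service source.  That
# construction is forgeable by length extension; a service that needs a keyed
# digest should use HMAC (hmac.new(key, msg, hashlib.sha256)) and verify it
# with hmac.compare_digest.
from pwn import *
import hashpumpy
import re

context.log_level = 'debug'

conn = remote('localhost', 10001)  # replace with the actual host name and port
try:
    # Banner: the first line is parsed below; the next two lines are read and
    # discarded.
    string1 = conn.recvline().decode()
    conn.recvline()
    conn.recvline()

    # Raw strings keep "\w" from being treated as an invalid string escape.
    hash_match = re.search(r'\w{32}', string1)
    # NOTE(review): re.search returns the leftmost match, so if the digest
    # comes before the plaintext in the banner this yields the first 12
    # characters of the digest -- verify against the real banner format.
    plain_match = re.search(r'\w{12}', string1)
    if hash_match is None or plain_match is None:
        # Fail with a readable message instead of "NoneType is not
        # subscriptable" when the banner does not look as expected.
        raise ValueError(f"unexpected banner format: {string1!r}")
    md5hash = hash_match.group(0)
    md5plain = plain_match.group(0)

    # hashpump(known digest, known data, data to append, secret length) returns
    # (new digest, new message).  The secret length of 8 is hard-coded here.
    a = hashpumpy.hashpump(md5hash, md5plain, "ilove0xfa", 8)

    # Send the data to the server: digest first, then the extended message.
    payload_md5 = a[0].encode()
    payload2 = a[1]
    conn.sendline(payload_md5)
    conn.sendline(payload2)

    # Read until the server closes the connection.  Nothing prints the reply
    # explicitly; it is only visible through the 'debug' log level set above.
    response = conn.recvall()
finally:
    # Close the connection even when parsing or sending fails.
    conn.close()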